Internet Explorer has discovered a dangerous vulnerability, XXE, that allows you to steal files from computers.
XXE (XML eXternal Entity) was discovered by security researcher John page. The “hole” opens when you run the file in MHT (MHTML Web Archive) format, in which all versions of IE save web pages by default.
Because all MHT files are automatically opened by default in Internet Explorer on Windows, using this vulnerability is trivial. The user only needs to double-click on the file received by e-mail or in another way.
The programmer said that they had personally been tested discovered vulnerability. For the test, he used the Internet Explorer v11 browser with all the latest security updates in Windows 7, Windows 10, and Windows Server 2012 R2.
Microsoft was notified of the existence of a “hole” on March 27, but the software giant considered this vulnerability not particularly dangerous, and did not make it to the list for urgent elimination. In response, Microsoft said that the issue of correction “will be considered in a future version”, but for now “the case is closed”.